diff --git a/policy/ssl-ciphers.bro b/policy/ssl-ciphers.bro
index 143244d364..307565eb36 100644
--- a/policy/ssl-ciphers.bro
+++ b/policy/ssl-ciphers.bro
@@ -11,154 +11,218 @@ const SSLv20_CK_IDEA_128_CBC_WITH_MD5 = 0x050080;
 const SSLv20_CK_DES_64_CBC_WITH_MD5 = 0x060040;
 const SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0;
 
-# --- sslv3x ---
-
-const SSLv3x_NULL_WITH_NULL_NULL = 0x0000;
-
-# The following CipherSuite definitions require that the server
-# provide an RSA certificate that can be used for key exchange. The
-# server may request either an RSA or a DSS signature-capable
-# certificate in the certificate request message.
-
-const SSLv3x_RSA_WITH_NULL_MD5 = 0x0001;
-const SSLv3x_RSA_WITH_NULL_SHA = 0x0002;
-const SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
-const SSLv3x_RSA_WITH_RC4_128_MD5 = 0x0004;
-const SSLv3x_RSA_WITH_RC4_128_SHA = 0x0005;
-const SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
-const SSLv3x_RSA_WITH_IDEA_CBC_SHA = 0x0007;
-const SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
-const SSLv3x_RSA_WITH_DES_CBC_SHA = 0x0009;
-const SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
-
-# The following CipherSuite definitions are used for
-# server-authenticated (and optionally client-authenticated)
-# Diffie-Hellman. DH denotes cipher suites in which the server's
-# certificate contains the Diffie-Hellman parameters signed by the
-# certificate authority (CA). DHE denotes ephemeral Diffie-Hellman,
-# where the Diffie-Hellman parameters are signed by a DSS or RSA
-# certificate, which has been signed by the CA. The signing
-# algorithm used is specified after the DH or DHE parameter. In all
-# cases, the client must have the same type of certificate, and must
-# use the Diffie-Hellman parameters chosen by the server.
-
-const SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
-const SSLv3x_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
-const SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
-const SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
-const SSLv3x_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
-const SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
-const SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
-const SSLv3x_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
-const SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
-const SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
-const SSLv3x_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
-const SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
-
-# The following cipher suites are used for completely anonymous
-# Diffie-Hellman communications in which neither party is
-# authenticated. Note that this mode is vulnerable to
-# man-in-the-middle attacks and is therefore strongly discouraged.
-
-const SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017;
-const SSLv3x_DH_anon_WITH_RC4_128_MD5 = 0x0018;
-const SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019;
-const SSLv3x_DH_anon_WITH_DES_CBC_SHA = 0x001A;
-const SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B;
-
-# The final cipher suites are for the FORTEZZA token.
-
-const SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C;
-const SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D;
-# This seems to be assigned to a Kerberos cipher in TLS 1.1
-#const SSLv3x_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E;
-
-
-# Following are some newer ciphers defined in RFC 4346 (TLS 1.1)
-
-# Kerberos ciphers
-
-const SSLv3x_KRB5_WITH_DES_CBC_SHA = 0x001E;
-const SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F;
-const SSLv3x_KRB5_WITH_RC4_128_SHA = 0x0020;
-const SSLv3x_KRB5_WITH_IDEA_CBC_SHA = 0x0021;
-const SSLv3x_KRB5_WITH_DES_CBC_MD5 = 0x0022;
-const SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023;
-const SSLv3x_KRB5_WITH_RC4_128_MD5 = 0x0024;
-const SSLv3x_KRB5_WITH_IDEA_CBC_MD5 = 0x0025;
-
-# Kerberos export ciphers
-
-const SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026;
-const SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027;
-const SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028;
-const SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029;
-const SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A;
-const SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B;
-
-
-# AES ciphers
-
-const SSLv3x_RSA_WITH_AES_128_CBC_SHA = 0x002F;
-const SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
-const SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
-const SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
-const SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
-const SSLv3x_DH_anon_WITH_AES_128_CBC_SHA = 0x0034;
-const SSLv3x_RSA_WITH_AES_256_CBC_SHA = 0x0035;
-const SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
-const SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
-const SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
-const SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
-const SSLv3x_DH_anon_WITH_AES_256_CBC_SHA = 0x003A;
-
-# Mostly more RFC defined suites
-const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041; # [RFC4132]
-const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042; # [RFC4132]
-const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043; # [RFC4132]
-const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044; # [RFC4132]
-const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045; # [RFC4132]
-const TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046; # [RFC4132]
-
-# The following are tagged as "Widely Deployed implementation":
-const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0x0047;
-const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x0048;
-const TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = 0x0049;
-const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x004A;
-const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x004B;
-const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x004C;
-const TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060;
-const TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061;
-const TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062;
-const TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063;
-const TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064;
-const TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065;
-const TLS_CK_DHE_DSS_WITH_RC4_128_SHA = 0x0066;
-
-const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084; # [RFC4132]
-const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085; # [RFC4132]
-const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086; # [RFC4132]
-const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087; # [RFC4132]
-const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088; # [RFC4132]
-const TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089; # [RFC4132]
-const TLS_PSK_WITH_RC4_128_SHA = 0x008A; # [RFC4279]
-const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B; # [RFC4279]
-const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C; # [RFC4279]
-const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D; # [RFC4279]
-const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E; # [RFC4279]
-const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F; # [RFC4279]
-const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090; # [RFC4279]
-const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091; # [RFC4279]
-const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092; # [RFC4279]
-const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093; # [RFC4279]
-const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094; # [RFC4279]
-const TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095; # [RFC4279]
-const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096; # [RFC4162]
-const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097; # [RFC4162]
-const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098; # [RFC4162]
-const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099; # [RFC4162]
-const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A; # [RFC4162]
-const TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B; # [RFC4162]
+# --- TLS ---
+const TLS_NULL_WITH_NULL_NULL = 0x0000;
+const TLS_RSA_WITH_NULL_MD5 = 0x0001;
+const TLS_RSA_WITH_NULL_SHA = 0x0002;
+const TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
+const TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
+const TLS_RSA_WITH_RC4_128_SHA = 0x0005;
+const TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
+const TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007;
+const TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
+const TLS_RSA_WITH_DES_CBC_SHA = 0x0009;
+const TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
+const TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
+const TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
+const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
+const TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
+const TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
+const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
+const TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
+const TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
+const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
+const TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
+const TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
+const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
+const TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017;
+const TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018;
+const TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019;
+const TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A;
+const TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B;
+const SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C;
+const SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D;
+const TLS_KRB5_WITH_DES_CBC_SHA = 0x001E;
+const TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F;
+const TLS_KRB5_WITH_RC4_128_SHA = 0x0020;
+const TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021;
+const TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022;
+const TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023;
+const TLS_KRB5_WITH_RC4_128_MD5 = 0x0024;
+const TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025;
+const TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026;
+const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027;
+const TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028;
+const TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029;
+const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A;
+const TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B;
+const TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
+const TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
+const TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
+const TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
+const TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
+const TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034;
+const TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
+const TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
+const TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
+const TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
+const TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
+const TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A;
+const TLS_RSA_WITH_NULL_SHA256 = 0x003B;
+const TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C;
+const TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D;
+const TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E;
+const TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F;
+const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040;
+const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041;
+const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042;
+const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043;
+const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044;
+const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045;
+const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046;
+const TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060;
+const TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061;
+const TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062;
+const TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063;
+const TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064;
+const TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065;
+const TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066;
+const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067;
+const TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068;
+const TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069;
+const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A;
+const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B;
+const TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C;
+const TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D;
+const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084;
+const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085;
+const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086;
+const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087;
+const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088;
+const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089;
+const TLS_PSK_WITH_RC4_128_SHA = 0x008A;
+const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B;
+const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C;
+const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D;
+const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E;
+const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F;
+const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090;
+const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091;
+const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092;
+const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093;
+const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094;
+const TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095;
+const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096;
+const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097;
+const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098;
+const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099;
+const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A;
+const TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B;
+const TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C;
+const TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D;
+const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
+const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
+const TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0;
+const TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1;
+const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2;
+const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3;
+const TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4;
+const TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5;
+const TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6;
+const TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7;
+const TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8;
+const TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9;
+const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA;
+const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB;
+const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC;
+const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD;
+const TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE;
+const TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF;
+const TLS_PSK_WITH_NULL_SHA256 = 0x00B0;
+const TLS_PSK_WITH_NULL_SHA384 = 0x00B1;
+const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2;
+const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3;
+const TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4;
+const TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5;
+const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6;
+const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7;
+const TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8;
+const TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9;
+const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA;
+const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB;
+const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC;
+const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD;
+const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE;
+const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF;
+const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0;
+const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1;
+const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2;
+const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3;
+const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4;
+const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5;
+const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001;
+const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002;
+const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003;
+const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004;
+const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
+const TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006;
+const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
+const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008;
+const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009;
+const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
+const TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B;
+const TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C;
+const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D;
+const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E;
+const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F;
+const TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010;
+const TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011;
+const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012;
+const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013;
+const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014;
+const TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015;
+const TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016;
+const TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017;
+const TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018;
+const TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019;
+const TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A;
+const TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B;
+const TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C;
+const TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D;
+const TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E;
+const TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F;
+const TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020;
+const TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021;
+const TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022;
+const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023;
+const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024;
+const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025;
+const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026;
+const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027;
+const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028;
+const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029;
+const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A;
+const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B;
+const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C;
+const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D;
+const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E;
+const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F;
+const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030;
+const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031;
+const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032;
+const TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033;
+const TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034;
+const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035;
+const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036;
+const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037;
+const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038;
+const TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039;
+const TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A;
+const TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B;
+const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE;
+const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF;
+const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1;
+const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0;
 # Cipher specifications native to TLS can be included in Version 2.0 client
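Review bot: The rewritten constant block (from `+# --- TLS ---` through `SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2`) drops every explanatory comment the old block carried — the per-suite RFC references, the note that 0x001E had been reassigned from FORTEZZA to Kerberos, and the warning that the DH_anon suites authenticate neither party — leaving roughly 210 bare assignments with no statement of where the values come from. A header such as `# Suite values follow the IANA TLS Cipher Suite Registry (the 0xC0xx ECC suites per RFC 4492); 0x0060-0x0066, 0xFEFE/0xFEFF and 0xFFE0/0xFFE1 are legacy non-registry assignments kept for compatibility.` would preserve that provenance for the next person who has to audit this table. The rename to `TLS_DH_ANON_*`/`TLS_ECDH_ANON_*` also departs from the registry spelling `TLS_DH_anon_*`/`TLS_ECDH_anon_*` that the old `TLS_DH_anon_WITH_CAMELLIA_*` names followed; since these identifiers presumably double as the strings in ssl_cipher_desc, any consumer matching on registry names will miss them. Separately, the block introduces many NULL-encryption and anonymous suites (TLS_RSA_WITH_NULL_SHA256, the *_PSK_WITH_NULL_* entries, TLS_ECDH_ANON_*, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA) plus several RC4 suites, while the only classification sets visibly extended later in this diff are EXPORT, DES and 3DES — if the file has no corresponding NULL or anonymous set, those suites will never be flagged as weak.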
@@ -186,196 +250,218 @@ const ssl_cipher_desc: table[count] of string = {
  "SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5",
  [SSLv20_CK_DES_64_CBC_WITH_MD5] = "SSLv20_CK_DES_64_CBC_WITH_MD5",
- # --- sslv3x ---
- [SSLv3x_NULL_WITH_NULL_NULL] = "SSLv3x_NULL_WITH_NULL_NULL",
-
- [SSLv3x_RSA_WITH_NULL_MD5] = "SSLv3x_RSA_WITH_NULL_MD5",
- [SSLv3x_RSA_WITH_NULL_SHA] = "SSLv3x_RSA_WITH_NULL_SHA",
- [SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5] =
- "SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5",
- [SSLv3x_RSA_WITH_RC4_128_MD5] = "SSLv3x_RSA_WITH_RC4_128_MD5",
- [SSLv3x_RSA_WITH_RC4_128_SHA] = "SSLv3x_RSA_WITH_RC4_128_SHA",
- [SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5] =
- "SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
- [SSLv3x_RSA_WITH_IDEA_CBC_SHA] = "SSLv3x_RSA_WITH_IDEA_CBC_SHA",
- [SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA] =
- "SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA",
- [SSLv3x_RSA_WITH_DES_CBC_SHA] = "SSLv3x_RSA_WITH_DES_CBC_SHA",
- [SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA] = "SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA",
-
- [SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] =
- "SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
- [SSLv3x_DH_DSS_WITH_DES_CBC_SHA] = "SSLv3x_DH_DSS_WITH_DES_CBC_SHA",
- [SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA] =
- "SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA",
- [SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] =
- "SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
- [SSLv3x_DH_RSA_WITH_DES_CBC_SHA] = "SSLv3x_DH_RSA_WITH_DES_CBC_SHA",
- [SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA] =
- "SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA",
- [SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] =
- "SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
- [SSLv3x_DHE_DSS_WITH_DES_CBC_SHA] = "SSLv3x_DHE_DSS_WITH_DES_CBC_SHA",
- [SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA] =
- "SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
- [SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] =
- "SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
- [SSLv3x_DHE_RSA_WITH_DES_CBC_SHA] = "SSLv3x_DHE_RSA_WITH_DES_CBC_SHA",
- [SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA] =
- "SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
-
- [SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5] =
- "SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5",
- [SSLv3x_DH_anon_WITH_RC4_128_MD5] = "SSLv3x_DH_anon_WITH_RC4_128_MD5",
- [SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA] =
- "SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
- [SSLv3x_DH_anon_WITH_DES_CBC_SHA] = "SSLv3x_DH_anon_WITH_DES_CBC_SHA",
- [SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA] =
- "SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA",
-
- [SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA] =
- "SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA",
- [SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA] =
- "SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
- [SSLv3x_KRB5_WITH_DES_CBC_SHA] =
- "SSLv3x_KRB5_WITH_DES_CBC_SHA",
- [SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA] =
- "SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA",
- [SSLv3x_KRB5_WITH_RC4_128_SHA] =
- "SSLv3x_KRB5_WITH_RC4_128_SHA",
- [SSLv3x_KRB5_WITH_IDEA_CBC_SHA] =
- "SSLv3x_KRB5_WITH_IDEA_CBC_SHA",
- [SSLv3x_KRB5_WITH_DES_CBC_MD5] =
- "SSLv3x_KRB5_WITH_DES_CBC_MD5",
- [SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5] =
- "SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5",
- [SSLv3x_KRB5_WITH_RC4_128_MD5] =
- "SSLv3x_KRB5_WITH_RC4_128_MD5",
- [SSLv3x_KRB5_WITH_IDEA_CBC_MD5] =
- "SSLv3x_KRB5_WITH_IDEA_CBC_MD5",
- [SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA] =
- "SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
- [SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA] =
- "SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
- [SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA] =
- "SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA",
- [SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5] =
- "SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
- [SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5] =
- "SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
- [SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5] =
- "SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5",
- [SSLv3x_RSA_WITH_AES_128_CBC_SHA] =
- "SSLv3x_RSA_WITH_AES_128_CBC_SHA",
- [SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA] =
- "SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA",
- [SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA] =
- "SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA",
- [SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA] =
- "SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA",
- [SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA] =
- "SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA",
- [SSLv3x_DH_anon_WITH_AES_128_CBC_SHA] =
- "SSLv3x_DH_anon_WITH_AES_128_CBC_SHA",
- [SSLv3x_RSA_WITH_AES_256_CBC_SHA] =
- "SSLv3x_RSA_WITH_AES_256_CBC_SHA",
- [SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA] =
- "SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA",
- [SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA] =
- "SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA",
- [SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA] =
- "SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA",
- [SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA] =
- "SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA",
- [SSLv3x_DH_anon_WITH_AES_256_CBC_SHA] =
- "SSLv3x_DH_anon_WITH_AES_256_CBC_SHA",
-
- [TLS_RSA_WITH_CAMELLIA_128_CBC_SHA] =
- "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
- [TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA] =
- "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
- [TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA] =
- "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
- [TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA] =
- "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
- [TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA] =
- "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
- [TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA] =
- "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
- [TLS_ECDH_ECDSA_WITH_NULL_SHA] =
- "TLS_ECDH_ECDSA_WITH_NULL_SHA",
- [TLS_ECDH_ECDSA_WITH_RC4_128_SHA] =
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
- [TLS_ECDH_ECDSA_WITH_DES_CBC_SHA] =
- "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA",
- [TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] =
- "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
- [TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA] =
- "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
- [TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA] =
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
- [TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5] =
- "TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5",
- [TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5] =
- "TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5",
- [TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA] =
- "TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA",
- [TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA] =
- "TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
- [TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA] =
- "TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA",
- [TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA] =
- "TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
- [TLS_CK_DHE_DSS_WITH_RC4_128_SHA] =
- "TLS_CK_DHE_DSS_WITH_RC4_128_SHA",
- [TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] =
- "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
- [TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] =
- "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
- [TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] =
- "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
- [TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA] =
- "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
- [TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA] =
- "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
- [TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA] =
- "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
- [TLS_PSK_WITH_RC4_128_SHA] =
- "TLS_PSK_WITH_RC4_128_SHA",
- [TLS_PSK_WITH_3DES_EDE_CBC_SHA] =
- "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
- [TLS_PSK_WITH_AES_128_CBC_SHA] =
- "TLS_PSK_WITH_AES_128_CBC_SHA",
- [TLS_PSK_WITH_AES_256_CBC_SHA] =
- "TLS_PSK_WITH_AES_256_CBC_SHA",
- [TLS_DHE_PSK_WITH_RC4_128_SHA] =
- "TLS_DHE_PSK_WITH_RC4_128_SHA",
- [TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA] =
- "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
- [TLS_DHE_PSK_WITH_AES_128_CBC_SHA] =
- "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
- [TLS_DHE_PSK_WITH_AES_256_CBC_SHA] =
- "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
- [TLS_RSA_PSK_WITH_RC4_128_SHA] =
- "TLS_RSA_PSK_WITH_RC4_128_SHA",
- [TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA] =
- "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
- [TLS_RSA_PSK_WITH_AES_128_CBC_SHA] =
- "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
- [TLS_RSA_PSK_WITH_AES_256_CBC_SHA] =
- "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
- [TLS_RSA_WITH_SEED_CBC_SHA] =
- "TLS_RSA_WITH_SEED_CBC_SHA",
- [TLS_DH_DSS_WITH_SEED_CBC_SHA] =
- "TLS_DH_DSS_WITH_SEED_CBC_SHA",
- [TLS_DH_RSA_WITH_SEED_CBC_SHA] =
- "TLS_DH_RSA_WITH_SEED_CBC_SHA",
- [TLS_DHE_DSS_WITH_SEED_CBC_SHA] =
- "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
- [TLS_DHE_RSA_WITH_SEED_CBC_SHA] =
- "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
- [TLS_DH_anon_WITH_SEED_CBC_SHA] =
- "TLS_DH_anon};
@@ -385,101 +471,218 @@ const ssl_cipher_desc: table[count] of string = { const ssl_cipherset_EXPORT: set[count] = { SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5, - SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5, - SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5 + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, }; # --- this set holds all DES ciphers const ssl_cipherset_DES: set[count] = { SSLv20_CK_DES_64_CBC_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_RSA_WITH_DES_CBC_SHA, - SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_DSS_WITH_DES_CBC_SHA, - SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_RSA_WITH_DES_CBC_SHA, - 
SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_DSS_WITH_DES_CBC_SHA, - SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_RSA_WITH_DES_CBC_SHA, - SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_anon_WITH_DES_CBC_SHA, - SSLv3x_KRB5_WITH_DES_CBC_SHA, - SSLv3x_KRB5_WITH_DES_CBC_MD5, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5 + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_RSA_WITH_DES_CBC_SHA, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_DSS_WITH_DES_CBC_SHA, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_RSA_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_WITH_DES_CBC_SHA, + TLS_KRB5_WITH_DES_CBC_SHA, + TLS_KRB5_WITH_DES_CBC_MD5, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + SSL_RSA_FIPS_WITH_DES_CBC_SHA, + SSL_RSA_FIPS_WITH_DES_CBC_SHA_2, }; # --- this set holds all 3DES ciphers const ssl_cipherset_3DES: set[count] = { SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5, - SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA, - SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA, - SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5 + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_KRB5_WITH_3DES_EDE_CBC_SHA, + TLS_KRB5_WITH_3DES_EDE_CBC_MD5, + TLS_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + 
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2, }; # --- this set holds all RC2 ciphers const ssl_cipherset_RC2: set[count] = { SSLv20_CK_RC2_128_CBC_WITH_MD5, SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, }; # --- this set holds all RC4 ciphers const ssl_cipherset_RC4: set[count] = { SSLv20_CK_RC4_128_WITH_MD5, SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5, - SSLv3x_RSA_WITH_RC4_128_MD5, - SSLv3x_RSA_WITH_RC4_128_SHA, - SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5, - SSLv3x_DH_anon_WITH_RC4_128_MD5, - SSLv3x_KRB5_WITH_RC4_128_SHA, - SSLv3x_KRB5_WITH_RC4_128_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5 + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_RC4_128_SHA, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_WITH_RC4_128_MD5, + TLS_KRB5_WITH_RC4_128_SHA, + TLS_KRB5_WITH_RC4_128_MD5, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_WITH_RC4_128_SHA, + TLS_PSK_WITH_RC4_128_SHA, + TLS_DHE_PSK_WITH_RC4_128_SHA, + TLS_RSA_PSK_WITH_RC4_128_SHA, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDH_RSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_ECDH_ANON_WITH_RC4_128_SHA, + TLS_ECDHE_PSK_WITH_RC4_128_SHA, }; # --- this set holds all IDEA ciphers const 
ssl_cipherset_IDEA: set[count] = { SSLv20_CK_IDEA_128_CBC_WITH_MD5, - SSLv3x_RSA_WITH_IDEA_CBC_SHA, - SSLv3x_KRB5_WITH_IDEA_CBC_SHA, - SSLv3x_KRB5_WITH_IDEA_CBC_MD5 + TLS_RSA_WITH_IDEA_CBC_SHA, + TLS_KRB5_WITH_IDEA_CBC_SHA, + TLS_KRB5_WITH_IDEA_CBC_MD5 }; # --- this set holds all AES ciphers const ssl_cipherset_AES: set[count] = { - SSLv3x_RSA_WITH_AES_128_CBC_SHA, - SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA, - SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA, - SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA, - SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA, - SSLv3x_DH_anon_WITH_AES_128_CBC_SHA, - SSLv3x_RSA_WITH_AES_256_CBC_SHA, - SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA, - SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA, - SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA, - SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA, - SSLv3x_DH_anon_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_DH_DSS_WITH_AES_128_CBC_SHA, + TLS_DH_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_DH_DSS_WITH_AES_256_CBC_SHA, + TLS_DH_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DH_ANON_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_DH_DSS_WITH_AES_128_CBC_SHA256, + TLS_DH_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DH_DSS_WITH_AES_256_CBC_SHA256, + TLS_DH_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DH_ANON_WITH_AES_128_CBC_SHA256, + TLS_DH_ANON_WITH_AES_256_CBC_SHA256, + TLS_PSK_WITH_AES_128_CBC_SHA, + TLS_PSK_WITH_AES_256_CBC_SHA, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DH_RSA_WITH_AES_128_GCM_SHA256, + TLS_DH_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS_DH_DSS_WITH_AES_128_GCM_SHA256, + TLS_DH_DSS_WITH_AES_256_GCM_SHA384, + TLS_DH_ANON_WITH_AES_128_GCM_SHA256, + TLS_DH_ANON_WITH_AES_256_GCM_SHA384, + TLS_PSK_WITH_AES_128_GCM_SHA256, + TLS_PSK_WITH_AES_256_GCM_SHA384, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS_PSK_WITH_AES_128_CBC_SHA256, + TLS_PSK_WITH_AES_256_CBC_SHA384, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, }; diff --git a/policy/ssl.bro b/policy/ssl.bro index 216abb2d10..6a347a14cc 100644 --- a/policy/ssl.bro +++ b/policy/ssl.bro @@ -85,29 +85,28 @@ const myWeakCiphers: set[count] = { SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, SSLv20_CK_DES_64_CBC_WITH_MD5, - SSLv3x_NULL_WITH_NULL_NULL, - SSLv3x_RSA_WITH_NULL_MD5, - SSLv3x_RSA_WITH_NULL_SHA, - SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5, - SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_RSA_WITH_DES_CBC_SHA, + TLS_NULL_WITH_NULL_NULL, + TLS_RSA_WITH_NULL_MD5, + TLS_RSA_WITH_NULL_SHA, + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_RSA_WITH_DES_CBC_SHA, - SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_DSS_WITH_DES_CBC_SHA, - SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_RSA_WITH_DES_CBC_SHA, - SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_DSS_WITH_DES_CBC_SHA, - SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_DSS_WITH_DES_CBC_SHA, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_RSA_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, - SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5, - SSLv3x_DH_anon_WITH_RC4_128_MD5, - SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_anon_WITH_DES_CBC_SHA, - SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA, - SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_WITH_RC4_128_MD5, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_WITH_DES_CBC_SHA, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, }; const x509_ignore_errors: set[int] = { 
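Review bot: `ssl_cipherset_IDEA` is the only set in this hunk whose last member, `TLS_KRB5_WITH_IDEA_CBC_MD5`, is left without a trailing comma, while every other set was rewritten to end with one; `TLS_KRB5_WITH_IDEA_CBC_MD5,` keeps the lists uniform and makes later additions one-line diffs. The new members such as `SSL_RSA_FIPS_WITH_DES_CBC_SHA_2` and `TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA` rely on `const` declarations in the earlier hunk of this file, which is not visible here, so each name is worth checking against that list since a misspelling only surfaces when the policy is loaded. The sets remain organised by bulk cipher only; the commit introduces many NULL-encryption (`*_WITH_NULL_SHA`, `*_WITH_NULL_SHA256`) and anonymous (`TLS_ECDH_ANON_*`) suites that fit none of them, so a companion set for those would let policies flag them as easily as the export suites.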
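Review bot: `myWeakCiphers` drops `SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA` without a replacement although SSLCiphers.h in this commit still declares `SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C`, and it gains none of the NULL-encryption, anonymous-key-exchange or 56-bit export suites the commit introduces (`TLS_RSA_WITH_NULL_SHA256`, `TLS_PSK_WITH_NULL_SHA256`, the `TLS_ECDH_*_WITH_NULL_SHA` family, `TLS_ECDH_ANON_*`, `TLS_RSA_EXPORT1024_*`, `TLS_KRB5_EXPORT_*`), so a session negotiating one of them is not reported as weak. Provided ssl-ciphers.bro declares `const`s for these names (that hunk is not visible here), they belong in this set; the export entries could alternatively come from the existing `ssl_cipherset_EXPORT` set instead of being repeated. The `x509_ignore_errors` declaration that follows lies outside the hunk.
```bro
	# … unchanged: SSLv2 and TLS_* members already listed …
	TLS_RSA_WITH_NULL_SHA256,
	TLS_PSK_WITH_NULL_SHA256,
	TLS_PSK_WITH_NULL_SHA384,
	TLS_ECDH_ECDSA_WITH_NULL_SHA,
	TLS_ECDHE_ECDSA_WITH_NULL_SHA,
	TLS_ECDH_RSA_WITH_NULL_SHA,
	TLS_ECDHE_RSA_WITH_NULL_SHA,
	TLS_ECDHE_PSK_WITH_NULL_SHA,
	TLS_ECDH_ANON_WITH_NULL_SHA,
	TLS_ECDH_ANON_WITH_RC4_128_SHA,
	TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDH_ANON_WITH_AES_128_CBC_SHA,
	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
};
```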
diff --git a/src/SSLCiphers.cc b/src/SSLCiphers.cc
index 1eaf3898e2..e8972beb21 100644
--- a/src/SSLCiphers.cc
+++ b/src/SSLCiphers.cc
@@ -389,16 +389,16 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 96,
 160
 },
- { SSL_FORTEZZA_KEA_WITH_RC4_128_SHA,
- SSL_CIPHER_TYPE_STREAM,
- SSL_FLAG_SSLv30,
- SSL_CIPHER_RC4,
- SSL_MAC_SHA,
- SSL_KEY_EXCHANGE_FORTEZZA_KEA,
- 0,
- 128,
- 160
- },
+ //{ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA,
+ // SSL_CIPHER_TYPE_STREAM,
+ // SSL_FLAG_SSLv30,
+ // SSL_CIPHER_RC4,
+ // SSL_MAC_SHA,
+ // SSL_KEY_EXCHANGE_FORTEZZA_KEA,
+ // 0,
+ // 128,
+ // 160
+ //},
 // --- special SSLv3 FIPS ciphers
 { SSL_RSA_FIPS_WITH_DES_CBC_SHA,
 SSL_CIPHER_TYPE_BLOCK,
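Review bot: The FORTEZZA RC4 row is commented out instead of deleted, and nothing in this hunk says why; the reason is only visible in the SSLCiphers.h hunk, where 0x001E is reassigned to `TLS_KRB5_WITH_DES_CBC_SHA` (RFC 2712). Version control keeps the old row, so the ten `//` lines should be dropped in favour of a one-line note such as `// SSL_FORTEZZA_KEA_WITH_RC4_128_SHA removed: code point 0x001E was reassigned to TLS_KRB5_WITH_DES_CBC_SHA (RFC 2712)`. The `SSL_CipherSpecs[]` array begins and ends outside this hunk.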
@@ -591,7 +591,439 @@ SSL_CipherSpec SSL_CipherSpecs[] = { 0, 256, 160 - } + }, + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_RSA, + 0, + 128, + 160 + }, + { TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_DSS, + 0, + 128, + 160 + }, + { TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_RSA, + 0, + 128, + 160 + }, + { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_DSS, + 0, + 128, + 160 + }, + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_RSA, + 0, + 128, + 160 + }, + { TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_ANON, + 0, + 128, + 160 + }, + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_RSA, + 0, + 256, + 160 + }, + { TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_DSS, + 0, + 256, + 160 + }, + { TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_RSA, + 0, + 256, + 160 + }, + { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_DSS, + 0, + 256, + 160 + }, + { 
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_RSA, + 0, + 256, + 160 + }, + { TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_ANON, + 0, + 256, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 168, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 256, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 0, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 168, + 160 + }, + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 128, + 160 + }, + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 256, + 160 + }, + { TLS_ECDHE_RSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + 
SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 0, + 160 + }, + { TLS_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 128, + 160 + }, + { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 168, + 160 + }, + { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 256, + 160 + }, + { TLS_ECDH_ECDSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 0, + 160 + }, + { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 168, + 160 + }, + { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 128, + 160 + }, + { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 256, + 160 + }, + { TLS_ECDH_RSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 0, + 160 + }, + { TLS_ECDH_RSA_WITH_RC4_128_SHA, + 
SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 128, + 160 + }, + { TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 168, + 160 + }, + { TLS_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 128, + 160 + }, + { TLS_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 256, + 160 + }, + { TLS_ECDH_anon_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 0, + 160 + }, + { TLS_ECDH_anon_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 128, + 160 + }, + { TLS_RSA_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_RSA, + 0, + 128, + 160 + }, + { TLS_DH_DSS_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_DSS, + 0, + 128, + 160 + }, + { TLS_DH_RSA_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_RSA, + 0, + 128, + 160 + }, + { TLS_DHE_DSS_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_DSS, + 0, + 128, + 160 + }, + { TLS_DHE_RSA_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_RSA, + 0, + 128, + 160 + }, + { 
TLS_DH_anon_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_ANON, + 0, + 128, + 160 + }, + + }; const uint SSL_CipherSpecs_Count = diff --git a/src/SSLCiphers.h b/src/SSLCiphers.h index 389c4d1992..5d13b5b8b6 100644 --- a/src/SSLCiphers.h +++ b/src/SSLCiphers.h @@ -12,14 +12,14 @@ */ enum SSLv2_CipherSpec { // --- standard SSLv2 ciphers - SSL_CK_RC4_128_WITH_MD5 = 0x010080, - SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080, - SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080, - SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080, - SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0, - SSL_CK_RC4_64_WITH_MD5 = 0x080080 + SSL_CK_RC4_128_WITH_MD5 = 0x010080, + SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080, + SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080, + SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080, + SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080, + SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040, + SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0, + SSL_CK_RC4_64_WITH_MD5 = 0x080080 }; 
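Review bot: The new rows reference `TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA`, `TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA`, `TLS_DH_anon_WITH_SEED_CBC_SHA` and the five `TLS_ECDH_anon_*` names, but the SSLCiphers.h hunk of this same commit declares them as `TLS_DH_ANON_*` and `TLS_ECDH_ANON_*`, so unless the lowercase spellings are declared somewhere not shown here this file will not compile. Separately, `TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`, `TLS_ECDHE_RSA_WITH_RC4_128_SHA`, `TLS_ECDH_ECDSA_WITH_RC4_128_SHA`, `TLS_ECDH_RSA_WITH_RC4_128_SHA` and `TLS_ECDH_anon_WITH_RC4_128_SHA` are tagged `SSL_CIPHER_TYPE_BLOCK`, whereas the RC4 row removed in the previous hunk used `SSL_CIPHER_TYPE_STREAM`; if the analyzer derives record layout (IV, padding) from this field those suites would be mis-parsed, so they should read `SSL_CIPHER_TYPE_STREAM,`, and the same question applies to the five `*_WITH_NULL_SHA` rows that also say BLOCK. The empty `+` line before the closing `};` is a stray and can go. The array's opening lies outside the hunk.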
@@ -28,60 +28,236 @@ enum SSLv2_CipherSpec { */ enum SSL3_1_CipherSpec { // --- standard SSLv3x ciphers - TLS_NULL_WITH_NULL_NULL = 0x0000, - TLS_RSA_WITH_NULL_MD5 = 0x0001, - TLS_RSA_WITH_NULL_SHA = 0x0002, - TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, - TLS_RSA_WITH_RC4_128_MD5 = 0x0004, - TLS_RSA_WITH_RC4_128_SHA = 0x0005, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, - TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, - TLS_RSA_WITH_DES_CBC_SHA = 0x0009, - TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, - TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, - TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, - TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, - TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017, - TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019, - TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, - TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B, - // --- special SSLv3 ciphers - SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E, - // --- special SSLv3 FIPS ciphers - SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0XFEFF, - // --- new 56 bit export ciphers - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062, - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064, - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063, - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065, - TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, + TLS_NULL_WITH_NULL_NULL = 0x0000, + TLS_RSA_WITH_NULL_MD5 = 0x0001, + TLS_RSA_WITH_NULL_SHA = 0x0002, + 
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, + TLS_RSA_WITH_RC4_128_MD5 = 0x0004, + TLS_RSA_WITH_RC4_128_SHA = 0x0005, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, + TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, + TLS_RSA_WITH_DES_CBC_SHA = 0x0009, + TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, + TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, + TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, + TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, + TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017, + TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019, + TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B, + // --- special SSLv3 ciphers + SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, + SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, + //SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E, + // -- RFC 2712 (ciphers not fully described in SSLCiphers.cc) + TLS_KRB5_WITH_DES_CBC_SHA = 0x001E, + TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F, + TLS_KRB5_WITH_RC4_128_SHA = 0x0020, + TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021, + TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022, + TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023, + TLS_KRB5_WITH_RC4_128_MD5 = 0x0024, + TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A, + TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B, + // --- new AES ciphers - TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, - 
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, - TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, - TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, - TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, - TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, - TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, - TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A + TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, + TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, + TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, + TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, + TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, + TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, + TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, + TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A, + TLS_RSA_WITH_NULL_SHA256 = 0x003B, + TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, + TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, + TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E, + TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, + // -- RFC 4132 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042, + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046, + // -- Non-RFC. 
Widely deployed implementation (ciphers not fully described in SSLCiphers.cc) + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065, + TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, + // -- RFC 5246 (ciphers not fully described in SSLCiphers.cc) + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, + TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068, + TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, + TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C, + TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D, + // -- RFC 5932 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085, + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089, + // -- RFC 4279 (ciphers not fully described in SSLCiphers.cc) + TLS_PSK_WITH_RC4_128_SHA = 0x008A, + TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, + TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, + TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, + TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, + TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092, + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, + // -- RFC 4162 + TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, + TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097, + TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, + TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, + TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, + TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B, + // -- RFC 5288 (ciphers not 
fully described in SSLCiphers.cc) + TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, + TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, + TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0, + TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, + TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, + TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5, + TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6, + TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7, + // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc) + TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, + TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC, + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, + TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, + TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, + TLS_PSK_WITH_NULL_SHA256 = 0x00B0, + TLS_PSK_WITH_NULL_SHA384 = 0x00B1, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, + TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8, + TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9, + // -- RFC 5932 (ciphers not fully described in SSLCiphers.cc) + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA, + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB, + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0, + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1, + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2, + 
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, + // -- RFC 4492 + TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005, + TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, + TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B, + TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F, + TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010, + TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, + TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015, + TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016, + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017, + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018, + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019, + // -- RFC 5054 (ciphers not fully described in SSLCiphers.cc) + TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, + TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, + TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C, + TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, + TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E, + TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F, + TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020, + TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021, + TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022, + // -- RFC 5289 (ciphers not fully described in SSLCiphers.cc) + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, + 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032, + // -- RFC 5489 (ciphers not fully described in SSLCiphers.cc) + TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033, + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, + TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, + TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, + TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, + // --- special SSLv3 FIPS ciphers + SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF, + SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFe0, }; enum SSL_CipherType { @@ -99,7 +275,9 @@ enum SSL_BulkCipherAlgorithm { SSL_CIPHER_DES40, SSL_CIPHER_FORTEZZA, SSL_CIPHER_IDEA, - SSL_CIPHER_AES + SSL_CIPHER_AES, + SSL_CIPHER_CAMELLIA, + SSL_CIPHER_SEED, }; enum SSL_MACAlgorithm { 
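Review bot: `SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFe0,` is the only value in the enum written with a lowercase hex digit, while the commit otherwise normalises `0XFEFF` to `0xFEFF`; it should be `0xFFE0`. The enum now ends with a trailing comma (`0xFFe0,` directly before `};`), as do the enums in the two following hunks of this file; that is accepted by C++11 but older compilers warn under -pedantic, so drop it if the project still builds with them. The repeated `(ciphers not fully described in SSLCiphers.cc)` markers mean a suite can now be declared here without a matching `SSL_CipherSpecs[]` row; how the analyzer handles a negotiated suite with no row is decided by lookup code outside this diff and is worth confirming, since such gaps tend to turn into silently unclassified sessions. A short comment at the `//SSL_FORTEZZA_KEA_WITH_RC4_128_SHA` line explaining that 0x001E was reassigned by RFC 2712 would be clearer than the commented-out enumerator.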
@@ -126,7 +304,13 @@ enum SSL_KeyExchangeAlgorithm {
 SSL_KEY_EXCHANGE_FORTEZZA_KEA,
 // --- new 56 bit export ciphers
 SSL_KEY_EXCHANGE_RSA_EXPORT1024,
- SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024
+ SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024,
+ // -- Elliptic Curve key change algorithms (rfc4492)
+ SSL_KEY_EXCHANGE_ECDH_ECDSA,
+ SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_KEY_EXCHANGE_ECDH_RSA,
+ SSL_KEY_EXCHANGE_ECDHE_RSA,
+ SSL_KEY_EXCHANGE_ECDH_ANON,
 };
 
 #if 0
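Review bot: The new comment `// -- Elliptic Curve key change algorithms (rfc4492)` should read `key exchange`, matching the enum name `SSL_KeyExchangeAlgorithm`, and the reference is written `RFC 4492` elsewhere in this header. The five enumerators are the names the ECDH/ECDHE rows in SSLCiphers.cc must use, so this spelling (`SSL_KEY_EXCHANGE_ECDH_ANON` in particular) is the one to keep consistent. There is still no enumerator for the PSK, SRP or KRB5 exchanges, which matches the header's own `not fully described in SSLCiphers.cc` markers; if rows for those suites are added later, this enum needs extending first.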